i've recently come to a usb flash drive virus. it was hidden in \recycler under a sid-like folder name with the file name isew32.exe or something like that. I carried the flash drive from the infected computer to a clean one (with autorun.inf disabled) and scanned it with clamwin 0.94.1. the file was with hidden and read-only attribute, and was not even listed by the scanner. once i right-clicked and unhidden the file, clamwin was able to scan it. come on... this is 2009... why are you fooled by 1980's tricks ?!?

os: winxp sp3

The autorun worms are really getting prevalent. I see several every day, and they are usually targeting removable storage devices. Malware writers are using them because they work.

Microsoft said recently that users are responsible for something in excess of 90% of the success of exploits. It's probably similar to that for many other infection vectors as well. In addition, there's lots of bad/sloppy code on many web sites. If we users would exercise more "safe computing," and web sites tightened up their code, we could put a lot of virus writers out of work.

By the way, I see Kaspersky's site was hacked by a "white hat" type person.

Regards,

hm, i wanted to make sure the problem is reproductible
i did the following on a clean computer:

* download eicar.com test virus file to an empty folder c:\test
* right click the downloaded file and choose properties, then check the hidded and read-only attribute
* download and install clamwin 0.94.1, update the virus database
* scan the c:\test folder

expected results: file eicar.com found and reported

actual results: file eicar.com found and reported

so I believe the worm/virus must have hidden itself from filesystem api calls on the infected machine.

false bug report, sorry